package cn.wei.youvie.config;


import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.CsrfConfigurer;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.servlet.config.annotation.EnableWebMvc;

import java.util.List;


/**
 * security配置类
 */
@Configuration
@EnableWebMvc
@EnableWebSecurity
public class WebSecurityConfig {

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
                //禁用csrf
                .csrf(CsrfConfigurer::disable)
                //跨域配置
                .cors(cors -> cors.configurationSource(request -> {
                    // 这里可以自定义CORS配置，例如允许所有来源和请求方法
                    CorsConfiguration corsConfiguration = new CorsConfiguration();
                    corsConfiguration.setAllowCredentials(true);
                    corsConfiguration.setAllowedOrigins(List.of("http://localhost:5666")); // 允许来源
                    corsConfiguration.setAllowedMethods(List.of("GET", "POST", "PUT", "DELETE", "OPTIONS")); // 允许这些方法
                    corsConfiguration.setAllowedHeaders(List.of("*")); // 允许所有头信息
                    return corsConfiguration;
                }))
                .authorizeHttpRequests(authorize -> authorize.anyRequest().permitAll());
        // 可以添加更多的安全配置，如登录、登出、OAuth2等

        return http.build();
    }



}